The following document is from the PRIVACY Forum Archive at Vortex
Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and
related facilities, please visit the PRIVACY Forum via the web URL:

    http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Sunday 7 June 1992      Volume 01 : Issue 03

          Moderated by Lauren Weinstein, Vortex Technology, Topanga, CA, U.S.A.

                        ===== PRIVACY FORUM =====

CONTENTS
        FBI Wiretap Issues (Moderator--Lauren Weinstein)
        Wells Fargo Bank Offers Security Codes (Moderator--Lauren Weinstein)
        Re: e-mail privacy; a cheap solution? (Steve Bellovin)
        Digital one time pads (A. Padgett Peterson)
        E-mail privacy; a cheap solution? (Bob Leone)

  *** Please include a MEANINGFUL "Subject:" line on all submissions! ***

-----------------------------------------------------------------------------

The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and collective)
in the "information age" of the 1990's and beyond. The moderator will choose
submissions for inclusion based on their relevance and content. Submissions
will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
MEANINGFUL "Subject:" lines. Subscriptions are by an automatic "listserv"
system; for subscription information, please send a message consisting of the
word "help" (quotes not included) in the BODY of a message to:
"privacy-request@cv.vortex.com". Mailing list problems should be reported to
"list-maint@cv.vortex.com". Mechanisms for obtaining back issues will be
announced when available.

All submissions included in this digest represent the views of the individual
authors and all submissions will be considered to be distributable without
limitations.
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.

-----------------------------------------------------------------------------

VOLUME 01, ISSUE 03

   Quote for the day:

        Russian Spy:  "Are you trying to tell me that every phone in
                       the country is tapped?"
        American Spy: "That's what's in my head..."
        Russian Spy:  "But Don! This is AMERICA... not RUSSIA!"

                        --- "The President's Analyst" (1967)

----------------------------------------------------------------------

Date: Sun, 07 Jun 92 13:12:00 PDT
From: lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: FBI Wiretap Issues

Greetings. As most of you are probably aware, a considerable amount of
interest and debate has recently been triggered by Justice Department/FBI
regulations which have been proposed regarding wiretapping, and the
provision of related call information (e.g. call forwarding and speed dial
codes, etc.), in the age of digital telecommunications networks. In brief,
the rules propose that telephone companies, long distance carriers, and most
other telecommunications entities (including, apparently, local PBX
operations) be required to provide mechanisms for authorized law enforcement
to monitor communications, without being impeded by the technological
changes being wrought on communications by rapidly evolving digital
technologies and networks. I've called these proposals "Dial-A-Wiretap" in
some recent interviews.

The argument is that the "old" techniques of wiretapping and monitoring are
rapidly being made impotent by digital technologies that multiplex many
conversations into high speed digital channels, and which in other ways
make "low-tech" tapping difficult or impossible. It is further argued that
authorized taps are critical to law enforcement activities and can play an
invaluable role in protecting lives and property.
There are those (myself included) who, while agreeing that properly
authorized wiretaps can have important roles in law enforcement, are
nonetheless concerned that the sorts of access being proposed might amount
to the ability to set up "instant" and "perfect" wiretaps to almost any
phone at any time, simply by changing the routing of the digital data
flowing through the switches and networks. The question comes up as to
whether law enforcement wants to make sure it is *possible* to do taps or
whether what is really desired is a mechanism to make it *trivial* to do
taps, especially from distant, centralized locations.

It is argued by the proponents of the new regulations that adequate controls
would be in place to prevent abuse of such facilities, and that only
"properly authorized" taps would take place. Unfortunately, the history of
wiretaps shows that where it is possible for a system to be abused, the odds
are that it will be, either by people inside or outside of the system.

A topic of possible discussion for this digest would be how the conflicts
presented by these issues can be resolved. My personal view is that
authorized wiretaps can be important, and that if any sort of direct access
to the network is granted, it must be via some *independent* (not telco, not
government) third party who would technologically control the access.
Simply relying on the self-restraint of the parties with vested interests
would not seem like the best possible procedure. If there is some way to
avoid granting direct access at all, so much the better.

Or is there another solution? Should unrestricted access be granted, subject
only to procedural controls? Should no access at all be granted? If no
access is granted, how can authorized wiretaps be accomplished? Given that
authorized wiretaps play an important and necessary role, how can a balance
be struck? Or would you argue that no wiretaps at all should be permissible?
What would be the ramifications of such a decision to important law
enforcement and security efforts? Finally, how does the availability of
efficient telephone encryption systems enter into the mix?

Plenty to think about.

--Lauren--

------------------------------

Date: Sun, 07 Jun 92 13:33:00 PDT
From: lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Wells Fargo Bank Offers Security Codes

In a refreshing change from the usual attitude regarding customer security
and privacy, Wells Fargo (a very large California bank) is willing to put
arbitrary security codes, which can be essentially any number or word
combination, on customer accounts. The codes are then needed, in addition
to the usual social security number and related information, to conduct
transactions regarding those accounts by phone.

There are some limitations and side-effects to specifying these codes, so if
you're interested you should contact a Wells Fargo representative for
details. Tellers may not know anything about this, but the telephone support
folks should be fairly well informed about its availability.

Note that Wells has *not* been promoting the fact that this service is
available, probably since they don't want to deal with large numbers of
customers who will end up calling and complaining that they forget their
codes (a typical reason why such security systems are often resisted by
financial institutions).

Anyway, it's an all too rare, but very positive step.

--Lauren--

------------------------------

Date: Sat, 30 May 92 21:45:05 PDT
From: smb@ulysses.att.com
Subject: Re: e-mail privacy; a cheap solution?

The encryption scheme Charlie Stross describes is a variant on the ``book
cipher'', which has been known for quite some time. Unfortunately, it's also
been solved -- by Friedman, in the 1920's, as I recall. The basic solution
algorithm involves guessing at some probable plaintext. From that, one can
derive the encryption key.
Now, if the encryption key is taken from something with considerable
redundancy -- a book, or a piece of music -- a recognizable pattern will
show up if the guess at the plaintext was correct. From that, one can
predict, if not the actual next key value, at least a set of likely or legal
values. These can be used to produce candidate plaintexts, which must also
be recognizable. One thus proceeds in parallel to reconstruct both the
plaintext and the key.

Further information can be found in David Kahn's ``The Codebreakers''
(*the* starting point for any discussion of cryptography) and in Leighton
and Matyas's ``The History of Book Ciphers'', from the Proceedings of
Crypto '84.

There are variations on the scheme proposed that could, most likely, be made
secure. Unfortunately, the scheme fails for more fundamental reasons. The
issue is not simply choice of an encryption algorithm -- as has been noted,
one-time pads are provably secure -- but distribution of keys. I send and
receive dozens of email messages a day, often to individuals with whom I
have never communicated before. There is no practical way to distribute all
of the needed one-time pads. And one must *never* reuse a one-time pad, or
there is a considerable risk of compromise. This is the reason one-time
pads are not universally used -- because shipping relatively short keys
around, and generating them on the fly at some key distribution center *is*
feasible.

I'm also not puzzled by the lack of more public-key cryptosystems. Put
simply, why should there be more of them? Devising such schemes is hard.
Many have been proposed; generally, they're either determined to be
insecure, or they're impractical for some reason. There's one where the
public keys are tens of thousands of bytes long. Think what that would do
to the average privacy-enhanced email message, which includes the sender's
public key in the header. Besides, there is a scheme which is considered to
be both secure and practical: RSA.
The objections to its use within the U.S. lie in its patent status. But
that's a financial problem, and far from an insurmountable one.

One more point is worth adding. Cryptographically speaking, until very
recently the civilian community hasn't had a clue. Take DES, for example,
which was a product of IBM (*not* NSA, though they reviewed its design).
Until Biham and Shamir's work over the last two or three years, no one else
in the outside community had any idea why the S-boxes were built the way
they were. Suspicions arose that NSA had tampered with the design. Had
they? Shamir himself says that he thinks that DES is about as strong as it
could possibly be, given its basic structure. Even the decision to shorten
the key length to 56 bits, often trumpeted as an example of NSA's meddling,
may have served to strengthen DES against any attack short of exhaustive
search. (That's my own interpretation of assorted results; I'll be glad to
discuss my reasoning further if anyone wishes.)

The net result is this: most people don't know how to design secure
cryptosystems. More precisely, since they don't know what makes a system
insecure, they have no way of avoiding the problem. (I'm certainly not
excluding myself; I'm neither a mathematician nor a cryptographer.) But the
issue is much simpler than conspiracy theorists would have us believe; it's
just that the civilian community lacks the decades of continuous experience
in the field.

		--Steve Bellovin

------------------------------

Date: Sun, 31 May 92 12:11:11 PDT
From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: digital one time pads

>From: Charlie Stross
>Subject: e-mail privacy; a cheap solution?

>Take a CD-ROM drive with a device driver for playing audio CD's
>and randomly accessing audio tracks. Most multi-media kit should
>already be capable of doing this. Take a random music CD off your
>shelf and start playing it at a random offset; redirect the bit
>stream to a file.
Actually a pretty good idea Harold Highland & I discussed a while back
except that the dictionary from any good wordprocessor was going to be
used. Big & already digital. Make a marvelous book code.

Of course the entire question is academic since generating masses of random
digits is one thing that computers are *really*good*at* so why bother with
CDs (or dictionary) at all ? Of course both sides of the conversation have
to have the same key or you get garbage but for two people this is not a
problem, for a network though...

One point I would like to make, many people are hung up on "massively
parallel" computers running through all the possible permutations of keys
being able to break DES (or whatever) in a month/week/day/nanosecond. Sure,
but the real kwestion is: how do you *know* when you broke it ?

					Warmly,
						Padgett

------------------------------

Date: Sat, 30 May 92 22:30:27 PDT
From: Bob Leone
Subject: e-mail privacy; a cheap solution?

While I agree with the moderator's observation regarding the ease with
which the "CD" encryption scheme can be broken, there's a lot to be said in
favor of widespread use of even easily-broken encryption schemes: it would
make it infeasible for govt to routinely monitor communications. Currently,
it is feasible for the govt to monitor Internet e-mail traffic and select
out messages containing certain keywords. Also, if only a tiny number of
messages on the net are encrypted, then the encrypted messages practically
scream "Look at me! Look at me! This message discusses something that
you'll probably be interested in!". But if the majority of e-mail traffic
is routinely encrypted, and by various encryption schemes, then it becomes
much more expensive for the govt to engage in random snooping. Also, if most
traffic is routinely encrypted, and you send a confidential message that you
encrypt using a particularly secure scheme, your message won't stand out so
much.
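As an added illustration, not part of the digest or any contributor's code, of the probable-plaintext attack Steve Bellovin outlines in his message above and of Padgett's question of how an attacker *knows* a guess is right: a toy running-key (book) cipher keyed from a short passage, with the crib-dragging step that derives the key a guessed word would imply at each offset and keeps the offset whose derived key reads as redundant English. The book passage, sample message, crib and mini word list are all constructed for the example; a real attack would use a full dictionary and longer texts.

```python
# Added example (not from the digest): probable-plaintext attack on a
# running-key ("book") cipher, the attack Bellovin describes. Toy sizes.
import string

ALPHA = string.ascii_lowercase

def shift(text, key, sign):
    """Running-key cipher on letters: c_i = (p_i + k_i) mod 26; sign=-1 decrypts."""
    return "".join(ALPHA[(ALPHA.index(t) + sign * ALPHA.index(k)) % 26]
                   for t, k in zip(text, key))

def derive_key(ciphertext, crib, offset):
    """If the crib really sits at `offset`, the key there must be c - crib (mod 26)."""
    return shift(ciphertext[offset:offset + len(crib)], crib, -1)

# The recognisability test: a book is redundant English, so a correct crib
# exposes real words in the derived key while a wrong one exposes letter salad.
# Constructed mini word list; a real attack would use a dictionary.
WORDS = ("the", "and", "was", "best", "times", "worst")

def english_score(fragment):
    return sum(len(w) for w in WORDS if w in fragment)

def drag_crib(ciphertext, crib):
    """Try the crib at every offset; return (offset, derived key, score) of the best."""
    best = None
    for off in range(len(ciphertext) - len(crib) + 1):
        frag = derive_key(ciphertext, crib, off)
        cand = (english_score(frag), -off, frag)   # ties go to the earliest offset
        if best is None or cand > best:
            best = cand
    score, neg_off, frag = best
    return -neg_off, frag, score

def recover_plaintext(ciphertext, crib, book):
    """Once a key fragment is recognised, locate it in the book and read the whole
    running key from there; the key's redundancy is what makes this possible."""
    off, frag, score = drag_crib(ciphertext, crib)
    start = book.find(frag) - off
    if score == 0 or start < 0:
        return None                 # nothing recognisable: the crib guess was wrong
    return shift(ciphertext, book[start:start + len(ciphertext)], -1)

BOOK = "itwasthebestoftimesitwastheworstoftimes"   # stands in for the shared book
MESSAGE = "meetmeatmidnight"                         # constructed sample message
CIPHERTEXT = shift(MESSAGE, BOOK, +1)                # sender keyed from book offset 0

if __name__ == "__main__":
    print(CIPHERTEXT)                                       # uxatexhxnmvgwlab
    print(drag_crib(CIPHERTEXT, "midnight"))                # (8, 'bestofti', 4)
    print(recover_plaintext(CIPHERTEXT, "midnight", BOOK))  # meetmeatmidnight
```

Only the offset where the crib is actually placed yields a key fragment containing a real word ("best"), which is the signal Padgett asks about; a truly random, never-reused pad gives no such signal at any offset.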
------------------------------

End of PRIVACY Forum Digest 01.03
************************